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DETAILED ACTION 
Response to Amendment 

This office action is in response to amendment filed on 7/17/06. The amendment filed on 
7/17/06 have been entered and made of record. Therefore, presently pending claims are 1, 4-7, 9- 
11, 16, 18, and 22-39. 

Response to Arguments 

Applicant's arguments filed 7/17/06 have been fully considered. However, due to the 
Applicant's amendment, new grounds of rejection have been provided. Below is the new 
rejection. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 1 02 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 5, 7, 16, 18, 22-28, 31-32, and 35-39 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Rowland et al (5,848,412) in view of Hind et al. (6,941,459 Bl) in view 
of the book by Stallings ("Network and Internetwork Security"). 

In reference to claims 1, 16, 31, and 35, Rowland discloses a method for sharing user 
information, comprising (abstract): receiving from a user an identification of a level of access 
that is to be extended to a web site host (column 5 lines 14-23); . assigning a user code to the web 
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site host when the user visits a web site maintained by the web site host (Fig. 6); receiving form 
the web site host a request for information concerning the user and the name of the server 
(column 6 lines 24-32); determining a level of access for which the web site host is authorized 
from the user code received form the web site host (column 6 lines 50-54); and transmitting user 
information to the web site host that pertains to the user code (part 712 Fig. 7). 

Rowland does not expressly disclose sending the assigned user code from the network 
service to the user computer to enable the user to provide the user code. 

Hind discloses receiving with a network service an identification of a level of access to 
user information that is to be extended to a web site host, the identification being received from a 
user computer via a network (Fig. 9B); assigning with the network a user code that is pertinent to 
the identified level of access (column 28 lines 45-55); sending the assigned user code from the 
network service to the user computer via a network to enable the user to provide the user code to 
the web site host when the user visits a web site maintained by the web site host (column 28 lines 
24-44); and transmitting from the network service to the web site host via a network user 
information that pertains to the user code (column 27 lines 24-29). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to selectively encrypt the service as disclosed by Hind in the system of Rowland. 
One of ordinary skill in the art would have been motivated to do this because it would enable the 
service to be controlled for multiple users (Hind Abstract). 

Although Rowland discloses a process to determine the level of access available to the 
web site, Rowland does not disclose a system wherein the browser receives an access code to 



Application/Control Number: 09/83 8,807 Page 4 

Art Unit: 2135 

determine the level of access. Rowland also teachers receiving from the website host a request 
for information concerning the user. 

Stallings discloses a system wherein the Initiator A provides Responder B 5 which 
corresponds to the website host, with the nonce Nl (user code) when the user visits Responder B. 
Stallings teaches further receiving from the Responder B the nonce Nl, user code that was 
received from the web site host (pages 135-136 Figure 4.16). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to provide the user access code in the form of a Nonce and to then receive the 
Nonce Nl from the Responder, web site host, for determining the level of access in Rowland. 
One of ordinary skill in the art would have been motivated to do this because sending the 
receiving the user code that was provided earlier ensures that the correct code is at the receiver 
and the sender, further the nonce can be used to uniquely identify the transaction. 

In reference to claims 27 and 31, Rowland discloses a method for sharing user 
information, comprising (abstract): assigning with the e-service a user code to each level of 
access and therefore each information set (71 1 Fig. 7 and column 6 lines 11-18); receiving at the 
e-service from the user an indication of a level of access that is to be granted to all web sites 
visited by the user (712 Fig. 7); determining with the e-service a level of access for which the 
web site host is authorized form the user code received from the web site host (column 6 lines 
50-54); and transmitting from the e-service to the web site host user information that pertains to 
the user code received from the web site host (column 6 lines 64-67). An e-service is any asset 
that is made available via the Internet to drive new revenue streams or create new efficiencies. 
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In the system of Rowland the website receives user information and therefore an e-service since 
the user information is an asset that is made available via the Internet to create new efficiencies. 

Rowland does not expressly disclose sending to the user computer from the e-service a 
network a user code associated with the selected level of access. 

Hind discloses receiving from the user computer with the e-service via a network 
selection of a level of access (column 28 lines 45-44); sending to the user computer form the e- 
service via a network a user code associated with the selected level of access (column 28 lines 
24-44); receiving from a web site host the e-service (column 27 lines 24-29). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to selectively encrypt the service as disclosed by Hind in the system of Rowland. 
One of ordinary skill in the art would have been motivated to do this because it would enable the 
service to be controlled for multiple users (Hind Abstract). 

Although Rowland discloses the use of access level (user code) for the e-service, 
Rowland does not teach receiving at the e-service a user code that has been provided to a web 
site host by the user. 

Stallings discloses a system wherein the Initiator A provides Responder B, which 
corresponds to the website host, with the nonce Nl (user code) when the user visits Responder B 
(pages 135-136 Figure 4.16). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to provide the user access code in the form of a Nonce and to then receive the 
Nonce Nl from the Responder, web site host, for determining the level of access in Rowland. 
One of ordinary skill in the art would have been motivated to do this because sending the 



Application/Control Number: 09/838,807 Page 6 

Art Unit: 2135 

receiving the user code that was provided earlier ensures that the correct code is at the receiver 
and the sender, further the nonce can be used to uniquely identify the transaction. 

In reference to claims 5, 18, and 36, wherein the step of determining the level of access 
comprises comparing the user code provided by the web site host with a user code assigned to 
the user and relevant to a particular user information set (column 5 lines 55-58). 

In reference to claims 7 and 38 wherein the step of transmitting user information 
comprises transmitting user profile information while withholding personal information about 
the user (Fig. 6). 

In reference to claims 22 and 39, wherein receiving an identification of a level of access 
comprises receiving selection of one of an anonymous mode in which only profile information 
and no personal information is provided, and a full disclosure mode in which profile information 
and personal information is provided (column 5 line 66 to column 6 line 7). 

In reference to claim 23 wherein receiving an identification of a level of access further 
comprises receiving user selection of a category of information to share (Fig. 5). 

In reference to claim 24, wherein receiving user selection of a category comprises 
receiving user selection of at least one of a personal category a business category, and a financial 
category. 

In reference to claims 25 and 37, wherein assigning a user code comprises assigning a 
first code pertinent to an initial level of access to be provided to the web site host and a second 
code pertinent to a deeper level of access that can be manually provided by the user if desired. 

Although Rowland discloses assigning codes to websites that are possibly assigned 
manually, Rowland does not disclose assigning he second code pertinent to a deeper level of. 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add more levels of code pertinent to deeper levels of access in the system 
Rowland. One of ordinary skill in the art would have been motivated to do this because it would 
allow greater control on the amount of access. 

In reference to claims 26, 28, and 32, wherein providing the user code comprises 
automatically providing the first user code to the web site host when the user visits the web site, 
and providing the second user code to the web site host if the user chooses to so provide the 
second user code. 

Although Rowland discloses assigning codes to websites that are possibly assigned 
manually or automatically, Rowland does not disclose assigning he second code pertinent to a 
deeper level of. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add more levels of code pertinent to deeper levels of access in the system 
Rowland. One of ordinary skill in the art would have been motivated to do this because it would 
allow greater control on the amount of access. 

Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Rowland in view 
of Hind and further in view of Stallings as applied to claim 1 above, and further in view of 
Schneier. 

In reference to the user code comprises a transient key. A transient key is a key that 
expires after a period of time. 
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Rowland does not expressly disclose the code that was designated by the user comprising 
a transient key. 

Schneier teaches that a key should expire automatically; therefore a system should have a 
policy that determines the permitted lifetime of a key (pages 183-1 84). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a code that expires after a certain period of time as disclosed in Schneier in 
the system of Rowland. One of ordinary skill in the art would have been motivated to do this 
because the longer the code is used the greater the chance that the system will be compromised. 

Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Rowland in view 
of Stallings as applied to claim 1 above, and further in view of Henrick et al (6,055,5 10). 

Regarding transmitting user information from a centralized repository which stores user 
information for a plurality of users. • 

Rowland does not expressly disclose transmitting the user information from a centralized 
repository that stores user information fro a plurality of users. 

Henrick discloses a system and method of storing user information in a centralized 
repository (column 4 lines 32-37) and transmitting the user information from this centralized 
repository to a website (particular advertiser; column 4 line 66 to column 5 line 10) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a central repository to store the user information and transmit the user 
information to the host website. One of ordinary skill in the art would have been motivated to do 
this because the ISP can take advantage of the unique customer knowledge with respect to user 
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likes and dislikes, while preserving the privacy of the customer, to attract businesses with interest 
in customer bases. 

Claims 29-30, and 33-34 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Rowland in view of Hind and further in view of Stallings as in claims 1,16, 27, and 3 1 and 
further in view of Davis et al (6,367,009 Bl) 

In reference to claim 30, and 34, Rowland discloses a method for acquiring user 
information that is used to personalize a web site for the user (column 1 lines 1-30 in 
combination with abstract). 

Although Rowland discloses the website host requesting user information (column 6 lines 
12-15), Rowland does not disclose the user information being stored at centralized repository and 
providing the user code to the centralized repository, 

Davis discloses the ETS that is a relational database manager (centralized repository 
storing) that stores user information needed by the intermediate MTS (website server; column 9 
lines 24-48). The client delegates authentication to the MTS to retrieve the user information. 
The MTS uses the certificate chain, which includes information from the client certificate that 
was provided by the client (column 13 lines 1-58), this performs the function of providing 
authentication and code required by the ETS (column 14 lines 14-40) to authenticate the MTS 
and provide the user information (column 9 lines 25-48 in combination with column 13 lines 53- 
58). This is the function of the user code sent to the website host. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a central repository to store the user information and transmit the user 
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information to the host website. One of ordinary skill in the art would have been motivated to do 
this because the ISP can take advantage of the unique customer knowledge with respect to user 
likes and dislikes, while preserving the privacy of the customer, to attract businesses with interest 
in customer bases. 

In reference to claim 29, and 33, wherein the user code is automatically appended to a 

uniform resource locator (URL) of the web site. 

Rowland and Davis do not expressly disclose the code being appended to the URL of the 

* 

web site. 

However, since Davis discloses sending the certificate as part of a message and Rowland 
discloses sending the request with the information that the web server requires, at the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to append 
the code to the URL. One of ordinary skill in the art would have been motivated to do this 
because it would conserve bandwidth to send it as one message instead of multiple messages. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). ' 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
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will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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